Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
CVE-2023-37267
7.5HIGH
What is CVE-2023-37267?
The Umbraco ASP.NET CMS has a vulnerability that, under specific rare conditions, may allow unauthorized users to gain admin-level permissions following a system restart. This issue potentially compromises the security of the CMS, making it critical for admins to update to the patched versions 10.6.1, 11.4.2, and 12.0.1. Immediate action is advised to protect your systems.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Umbraco-CMS >= 9.0.0, < 10.6.1 < 9.0.0, 10.6.1
Umbraco-CMS >= 11.0.0, < 11.4.2 < 11.0.0, 11.4.2
Umbraco-CMS = 12.0.0 = 12.0.0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved